Unable to connect to mosquitto server running on port 8883 using SSL #157

Closed
jpwsutton opened this issue Feb 4, 2016 · 0 comments

@jpwsutton
Member

migrated from Bugzilla #395241
status CLOSED severity major in component MQTT-Java for ---
Reported in version unspecified on platform Other
Assigned to: Dave Locke

On 2012-11-28 01:43:50 -0500, Tushar Bapte wrote:

Throwing exception after:

```java
KeyPair key = (KeyPair)reader.readObject();
```

My Java code:

```java
import java.io.ByteArrayInputStream;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// PEMReader and PasswordFinder belong to the older BouncyCastle PEM API
// (later releases replace them with PEMParser).
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PasswordFinder;

public class SslUtil
{
    static SSLSocketFactory getSocketFactory(final String caCrtFile, final String crtFile,
            final String keyFile, final String password) throws Exception
    {
        Security.addProvider(new BouncyCastleProvider());

        // load CA certificate
        PEMReader reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile)))));
        X509Certificate caCert = (X509Certificate)reader.readObject();
        reader.close();

        // load client certificate
        reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile)))));
        X509Certificate cert = (X509Certificate)reader.readObject();
        reader.close();

        // load client private key; the PasswordFinder supplies the passphrase
        // used to decrypt an encrypted PEM key
        reader = new PEMReader(
                new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(keyFile)))),
                new PasswordFinder() {
                    public char[] getPassword() {
                        return password.toCharArray();
                    }
                }
        );
        KeyPair key = (KeyPair)reader.readObject();
        reader.close();

        // CA certificate is used to authenticate server
        KeyStore caKs = KeyStore.getInstance("JKS");
        caKs.load(null, null);
        caKs.setCertificateEntry("ca-certificate", caCert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(caKs);

        // client key and certificates are sent to server so it can authenticate us
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ks.setCertificateEntry("certificate", cert);
        ks.setKeyEntry("private-key", key.getPrivate(), password.toCharArray(), new java.security.cert.Certificate[]{cert});
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
        kmf.init(ks, password.toCharArray());

        // finally, create SSL socket factory
        SSLContext context = SSLContext.getInstance("TLSv1");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        return context.getSocketFactory();
    }
}
```

```
org.bouncycastle.openssl.PEMException: problem parsing ENCRYPTED PRIVATE KEY: javax.crypto.BadPaddingException: pad block corrupted
    at org.bouncycastle.openssl.PEMReader$EncryptedPrivateKeyParser.parseObject(Unknown Source)
    at org.bouncycastle.openssl.PEMReader.readObject(Unknown Source)
    at org.eclipse.paho.sample.mqttv3app.SslUtil.getSocketFactory(SslUtil.java:39)
    at org.eclipse.paho.sample.mqttv3app.Sample.<init>(Sample.java:194)
    at org.eclipse.paho.sample.mqttv3app.Sample.main(Sample.java:137)
Caused by: javax.crypto.BadPaddingException: pad block corrupted
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source)
    at javax.crypto.Cipher.doFinal(Cipher.java:1921)
```

On 2012-12-14 07:12:44 -0500, Andy Piper wrote:

Assigning to Dave for investigation as this is the Java client.

On 2013-03-05 10:14:26 -0500, Andy Piper wrote:

*** This bug has been marked as a duplicate of bug 399947 ***

On 2013-04-15 10:55:35 -0400, Andy Piper wrote:

Reassignment to MQTT-Java
